What is an Object?

Objects are files that have been ingested into the Stairwell Platform. Objects may have parent objects, which are files that propagated the file being reviewed. Objects may also have child objects, which are files that the object itself propagates. Objects may have various filenames and filepaths depending on the number and variety of sightings within your environment.

Object/Asset association

Objects are typically associated with assets (X file has a sighting on Y machine). Objects that are discovered within your environment stay within your environment and are editable by users of your environment who have read/write permissions. Edits to an object can include tags, opinions, and comments.

Global objects

There are also objects that are globally shared from other environments (feed environments) that users do not have permission to edit but are allowed to analyze, detonate, and even download for offline analysis.

Object detonation metadata

Object detonations are strictly associated with their respective object and are thus global so long as a user has access to said object. For example, if an object enters a private environment and is detonated, and then a copy of that object is uploaded through one of our global feed environments, that detonation data becomes accessible by association with the global object for all users, not the private object. The filename, filepaths, and the originating asset metadata are decoupled from the private object for all other users while still remaining within your environment.

Object identifiers

Objects are uniquely identified by their SHA256 hash but can be found using their respective SHA1 or MD5 hash. Therefore, if an action or endpoint calls for an object identifier, the SHA256 is the expected value.

How objects are uploaded and deduped

When a scan is being performed on an asset or a request to upload has been made via the intake API, the SHA256 hash is used to determine if the file/object already exists in your environment. If that particular file/object has never been seen in your environment before, the upload proceeds; otherwise, the platform makes note of the datetime, filename, filepath (when available), and asset the object was seen on.
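The identifier and dedup rules described in the two sections above can be modeled locally. The following is an added example, not Stairwell code or its API: `ObjectIndex`, `hash_kind`, and the sample payload are hypothetical names and constructed data, and recording a sighting on the first upload as well is an assumption.

```python
import hashlib
from datetime import datetime, timezone

HEX = set("0123456789abcdef")
KINDS = {32: "md5", 40: "sha1", 64: "sha256"}  # hex digest length -> algorithm


def hash_kind(value):
    """Classify a hex digest by length; return None if it is not a digest."""
    v = value.strip().lower()
    return KINDS.get(len(v)) if v and set(v) <= HEX else None


class ObjectIndex:
    """Hypothetical in-memory stand-in for one environment's object store."""

    def __init__(self):
        self.objects = {}  # canonical sha256 -> list of sightings
        self.aliases = {}  # md5 / sha1 -> canonical sha256

    def ingest(self, data, asset, filename, filepath=None, seen_at=None):
        """Return (sha256, uploaded): content is stored once per environment."""
        sha256 = hashlib.sha256(data).hexdigest()
        uploaded = sha256 not in self.objects
        if uploaded:  # never seen before: the upload proceeds
            self.objects[sha256] = []
            for algo in ("md5", "sha1"):  # lookup only, not a security use
                digest = hashlib.new(algo, data, usedforsecurity=False)
                self.aliases[digest.hexdigest()] = sha256
        # Known content only adds a sighting (assumption: first upload does too).
        self.objects[sha256].append({
            "seen_at": seen_at or datetime.now(timezone.utc),
            "asset": asset, "filename": filename, "filepath": filepath,
        })
        return sha256, uploaded

    def resolve(self, identifier):
        """Map an MD5, SHA1 or SHA256 to the canonical SHA256, else None."""
        v = identifier.strip().lower()
        kind = hash_kind(v)
        if kind == "sha256":
            return v if v in self.objects else None
        return self.aliases.get(v) if kind else None


if __name__ == "__main__":
    idx = ObjectIndex()
    payload = b"constructed sample payload"  # constructed data
    print(idx.ingest(payload, "host-a", "a.bin", "/tmp/a.bin"))
    print(idx.ingest(payload, "host-b", "renamed.bin"))  # same content, new sighting
    print(idx.resolve(hashlib.sha1(payload).hexdigest()))
```

Resolving an MD5 or SHA1 to the SHA256 before calling anything that expects an object identifier avoids passing a non-canonical hash.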

Object removal

Although rare, objects sometimes need to be removed, which requires engineering support. Please use this sparingly, as it is a process that requires human review and manual steps to complete successfully. Please message [email protected] to request a removal if such a need arises.